Refactored how the terms of service and privacy policy are stored, by

allowing changing them with 0 downtime
2025-09-05 21:18:14 +00:00 · 2025-07-07 18:46:47 +03:00
parent d58c7a20f1
commit 047d33b3ae
10 changed files with 380 additions and 67 deletions
--- a/embeds/embeds.go
+++ b/embeds/embeds.go
@@ -0,0 +1,21 @@
+package embeds
+
+import (
+	_ "embed"
+	"sync/atomic"
+)
+
+//go:embed server.crt
+var ServerCertificate []byte
+
+//go:embed stub-tos.md
+var StubTos string
+
+//go:embed stub-privacy.md
+var StubPrivacy string
+
+var (
+	TermsOfService atomic.Value
+	PrivacyPolicy  atomic.Value
+	TosPrivacyHash atomic.Value
+)
--- a/embeds/server.crt
+++ b/embeds/server.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFTTCCAzWgAwIBAgIUTsQ3R+ilXeKPTY07nY0Ehb2P2ggwDQYJKoZIhvcNAQEL
+BQAwNTElMCMGCSqGSIb3DQEJARYWZWtvLWFwcEBwcm90b25tYWlsLmNvbTEMMAoG
+A1UEAwwDRWtvMB4XDTI1MDcwNjIxMjE1M1oXDTM1MDcwNDIxMjE1M1owNTElMCMG
+CSqGSIb3DQEJARYWZWtvLWFwcEBwcm90b25tYWlsLmNvbTEMMAoGA1UEAwwDRWtv
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo92HxSgsH/Wcgsnul62V
+cwcQ3QHv1JEHnfUGDWBlAkCrcCRxIGMHxYdsWij/sdHRces9ZZyrc8ldMNxiK511
+Syj1kaH8O70b8YY6rlxGb+kNa3MHJcCm7CUlzwcSeZl3Hlr/l5AUqG6ZNymVTdM4
+hfrctySoHMzowAnJFXDfcFSzKnvY39eecC+0qkve6N5rNyTqXQn0o19zUo9pq8j8
+vAHgz2nS9ma7QS7Xw6Mss3F3hRsgVzF2r8xYL1SXSYN9jKsUFE/qdsSoxSJmtYv+
+3aXTq11cpOl1iOiTt7InUE/k6Mq2nRWEPDG61FCOZ84nJrZGxujB6FRwFuAapOHC
+WuTqxtqL02+83nDkakoF2SWD2aGr2wZrJ9NRRAVZraDwOs7D17wY2XRb5jNeeGg6
+tqhELC9dph1L9HO/NHFmj4Mc3V2dhaaZZY6rmxUZ6WCslVvNEvS4vsw6Xv5TOqfa
+lCiEhdD3OzhhI0+w5zxK+rHJQBC5O2oFVz1xJPO7FGGkIpYPv4G4Yx27YuuWK+/f
+0VkpQPtVEd0Sj2E/hHwQ4b8EH+EUwqLp57sEoYTOQdcujsv8JQqevoz1d/JIaumm
+0lFw3FSLXWiJu9izpg78j1LCqyDlmD9j1l1wrsexn3Y4S0gSM+hXXivwet5jwnxZ
+J7UmQVLWHaBj58eNKubq8ncCAwEAAaNVMFMwCQYDVR0TBAIwADALBgNVHQ8EBAMC
+BaAwGgYDVR0RBBMwEYIPZWtvLmt5cmVuLmNvZGVzMB0GA1UdDgQWBBTwPJeVtpDc
+PxI7NfMWltdB1pOqKjANBgkqhkiG9w0BAQsFAAOCAgEAAcQXnKI/CqcTuVvu5hEg
+qEXnZp0qIcXCFuQHs7WWNz54nLSYhEfOI4mE1hRVpDzv52cgMcTv0wloIud8yi1j
+vdGPwPxdoGwy4jn1DrANIbTyWwtBmWB/K1FMntmqw35jRyttGxItgI5Qlxq+xvad
+/Pw4UhXUNzFHIlQZisyThQH8jG/BhOsW66wboE9HtQo2VuigRgv/SADrOqrwqf0K
+WRhvnRYs5FcAGJPmsr3HBSJQ2NcGyFk50BtqYX3w4vRvkCje3e4RltlsEoCJWmiJ
+ABLXZDXOOKStRMSCZOVGVB+QO5AjI0lMdWqW7vlfnYYWpo8N8v/5pxLLY9fsU29f
+kkUA8E+/z17TLgAqyyDKupjPiUaE1LdY9Cmwpam/ej/4WIp2NOQgTZVYouKglKel
+U+4lEt0tPlhhrfAeD4e/f8w3VnkwuX31dfDhnLUS3YSM+n3KwF7ffaaRp3dOhfwv
+DXeSvkL8ftA1q52tcuZ33+JDlGwcFdoVA8liuai69ySNBS8+dX6F4r+2ZPjpQ0JJ
+SypuVuhhKMiO1efeDHEFGx3rYfjeMHKHmIMQ4jSPAJHTUQyJH2t5tjbehnINFey
+YfVbRhDftDaiIX+M1EnT2iguHfa/xjiGjkJyBJfKff/Fid8iWrItfaUZEgYNhPfq
+fnvP5pMg97v+Z5Bxt0/CMmI=
+-----END CERTIFICATE-----
--- a/embeds/stub-privacy.md
+++ b/embeds/stub-privacy.md
@@ -0,0 +1,69 @@
+# Privacy Policy
+
+**Last Updated:** July 7, 2025
+
+This Privacy Policy explains how we handle data when you use our anonymous communication platform. The service operates without requiring user‑submitted personal identifiers such as names or email addresses. However, we do process certain technical data (e.g. IP addresses) which may be considered personal data under some laws.
+
+## 1. What We Collect
+
+When using the service, we collect the following:
+
+- **IP address and port** – for connection tracking and abuse prevention
+- **User ID** – a stable 64-bit identifier generated on first login
+- **Request data** – including message contents and other client requests
+- **Usage metrics** – such as API usage frequency and session durations
+- **System analytics** (optional) – OS, architecture, RAM, and terminal-related environment variables
+
+System analytics are enabled by default and can be disabled at any time in the client's local configuration file. They are used solely for technical improvement and never for tracking or profiling. To reduce duplicates, the client may generate a random, local device ID not tied to your account. This ID is used only for aggregate analytics and may appear in short-term logs (see Section 3: Log Retention).
+
+We do not require or collect real names, emails, or similar personal identifiers. If you voluntarily include such data in messages or display names, you do so at your own discretion and are responsible for its content.
+
+## 2. Why We Collect It
+
+We collect this data in order to:
+
+- Maintain the functionality and stability of the service
+- Debug issues and monitor abuse
+- Improve system performance and reliability
+- Analyze aggregate usage patterns
+- Understand user environments to improve compatibility and experience
+
+We do **not sell your data to advertisers or third parties**.
+
+## 3. Log Retention
+
+We store logs of requests and connection events, which may include IP addresses, User IDs, and full request content (such as messages or device analytics).
+
+### How Logging Works
+
+- There is always one active log file ("current"), which is written to during runtime.
+- The log is rotated either when it exceeds 100MB or every midnight (UTC time) if the server isn't down.
+- Each time rotation occurs, the system checks for and deletes any archived logs that are older than 7 days from their rotation timestamp.
+
+**Note:** Logs are typically deleted after approximately 7 to 14 days, but may remain on disk longer if log rotation has not occurred (for example, due to server downtime or low activity).
+
+## 4. Account and Message Deletion
+
+You may delete your account at any time. When this happens:
+
+- Your account is flagged as deleted
+- All servers ("networks") **you own** are deleted, along with all messages in those servers ("networks")
+
+Messages you’ve sent to other servers ("networks") or users ("signals") **are not deleted automatically**, but you may delete them individually if you still have access to them.
+
+Log data associated with your account is retained temporarily as part of standard rotation, even after account deletion.
+
+## 5. User Rights
+
+Under GDPR and similar laws, you can:
+
+- **Access or correct** your data
+- **Erase** your account (logs auto‑delete after approximately 7 to 14 days)
+- **Disable** system analytics (connection logs remain under legitimate interest)
+
+To exercise any right, email **eko-app@protonmail.com** with your User ID.
+We’ll make reasonable efforts to respond to verifiable data‑subject requests within 30 days.
+
+## 6. Changes to This Policy
+
+We may modify this Privacy Policy at any time, with or without notice. Your continued use of the service after any change constitutes your acceptance of the updated policy.
--- a/embeds/stub-tos.md
+++ b/embeds/stub-tos.md
@@ -0,0 +1,68 @@
+# Terms of Service
+
+**Last Updated:** July 7, 2025
+
+## 1. Acceptance of Terms
+
+By accessing or using this service, you agree to be bound by these Terms. If you do not agree, do not use the service.
+
+## 2. Service Description & Eligibility
+
+This is the **official public instance** of Eko, an open-source, donation-supported anonymous communication platform, operated at `eko.kyren.codes`. It is provided free of charge and operated in good faith by the project maintainers for community use.
+
+This service is **non-commercial**. While voluntary donations may be accepted to support hosting and development, they do not entitle donors to any service guarantees or contractual rights. Donors may receive optional cosmetic recognition (e.g. icons or badges), which has no functional impact on the service.
+
+You must be **at least 13 years old**, or the minimum legal age in your jurisdiction, to use the service.
+
+## 3. User Conduct & Termination
+
+You are solely responsible for your actions, behavior, and any content you submit. We may monitor or moderate content at our discretion, but are not obligated to do so. We do not endorse or verify user content, and you agree not to hold us liable for anything you or others post, transmit, or share.
+
+You must not use the service to engage in illegal, harmful, abusive, or otherwise prohibited behavior.
+
+We reserve the right to suspend, restrict, or terminate your access to the service **at any time, for any reason or no reason**, with or without notice, and without obligation to disclose the reason.
+
+## 4. Privacy & Data Collection
+
+Your use of the service is subject to our Privacy Policy.
+
+We do not require or request user-submitted identifiers such as real names or email addresses. However, technical data such as IP addresses and usage information may be logged for abuse prevention and system monitoring purposes. These logs are automatically deleted after approximately 7 to 14 days.
+
+## 5. No Warranty; Use at Your Own Risk
+
+THE SERVICE IS PROVIDED **"AS IS"** AND **"AS AVAILABLE"**, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
+TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
+WE DO NOT GUARANTEE THAT THE SERVICE WILL BE UNINTERRUPTED, SECURE, OR ERROR‑FREE, OR THAT IT WILL MEET YOUR EXPECTATIONS.
+
+You assume full responsibility for any consequences resulting from your use of the service.
+
+## 6. Limitation of Liability
+
+TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE SERVICE OPERATORS, CONTRIBUTORS, OR ANYONE INVOLVED IN PROVIDING THE SERVICE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF DATA, PROFITS, GOODWILL, OR OTHER INTANGIBLE LOSSES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+THIS LIMITATION OF LIABILITY APPLIES TO ALL CLAIMS, WHETHER BASED ON WARRANTY, CONTRACT, TORT, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
+
+## 7. Indemnification
+
+You agree to defend, indemnify, and hold harmless the service operators and contributors from and against any claims, damages, obligations, losses, liabilities, or expenses arising from your use of the service or violation of these Terms.
+
+## 8. Changes to These Terms
+
+We may modify these Terms or discontinue the service at any time, with or without notice. Your continued use of the service after any change constitutes your acceptance of the updated Terms.
+
+## 9. Contact & Data Requests
+
+To exercise rights under applicable privacy laws (such as access or erasure), or for general questions about the service, contact **eko-app@protonmail.com**.
+Include your User ID if applicable. We will make reasonable efforts to respond to verifiable requests within 30 days.
+
+## 10. Governing Law & Dispute Resolution
+
+These Terms are governed by the laws of Israel, without regard to conflict-of-law principles. Any dispute arising from or relating to these Terms or the service shall be subject to the exclusive jurisdiction of the courts located in Israel.
+
+Nothing in these Terms limits rights granted by applicable law that cannot be waived by contract.
+
+## 11. Independent Instances
+
+This service is the official public instance of Eko, operated by Kyren223 at `eko.kyren.codes`. Other independently operated instances may exist but are not affiliated with, endorsed by, or responsible to us.
+
+These Terms apply exclusively to the official public instance. Reuse of these Terms by other instances is discouraged, as doing so may result in inaccurate representations or legal confusion.